340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
Size

184KB
MD5

746b987a440766924dc577b99f195ed6
SHA1

2b80e8e8275e3cda6d36655613fc2c12d4fb253e
SHA256

340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f
SHA512

01629da65ac37767e0247c6acc047c097e40b6b5767950e67bfcecbd1df61c8f11e8751b62aa3703e8515476c459df9bbc4924090740d6023602ba493e72d9cc
SSDEEP

1536:+70t6jWluTZsovxAZJRAlRwMW2IfvZclamdKSZL12Azltitl5hj5nizpvB:YZNTZso52JRgdWt3eFZL1XbitlnViFZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-36334.exeUnicorn-38040.exeUnicorn-60044.exeUnicorn-37569.exeUnicorn-29401.exeUnicorn-38123.exeUnicorn-56090.exeUnicorn-32140.exeUnicorn-15057.exeUnicorn-25918.exeUnicorn-15057.exeUnicorn-28462.exeUnicorn-39322.exeUnicorn-45566.exeUnicorn-10755.exeUnicorn-52343.exeUnicorn-56427.exeUnicorn-34767.exeUnicorn-13531.exeUnicorn-29313.exeUnicorn-9447.exeUnicorn-40173.exeUnicorn-51871.exeUnicorn-29867.exeUnicorn-41565.exeUnicorn-6754.exeUnicorn-48342.exeUnicorn-532.exeUnicorn-43786.exeUnicorn-54647.exeUnicorn-33480.exeUnicorn-31342.exeUnicorn-27258.exeUnicorn-38118.exeUnicorn-57984.exeUnicorn-23174.exeUnicorn-31896.exeUnicorn-47678.exeUnicorn-23728.exeUnicorn-43594.exeUnicorn-8783.exeUnicorn-50371.exeUnicorn-4699.exeUnicorn-13422.exeUnicorn-50968.exeUnicorn-16158.exeUnicorn-27018.exeUnicorn-53661.exeUnicorn-42800.exeUnicorn-24326.exeUnicorn-4460.exeUnicorn-49385.exeUnicorn-32302.exeUnicorn-24134.exeUnicorn-41202.exeUnicorn-52063.exeUnicorn-17252.exeUnicorn-33034.exeUnicorn-33034.exeUnicorn-39810.exeUnicorn-42271.exeUnicorn-33588.exeUnicorn-22728.exeUnicorn-18644.exe

pid	process
2176	Unicorn-36334.exe
2304	Unicorn-38040.exe
2888	Unicorn-60044.exe
2864	Unicorn-37569.exe
2744	Unicorn-29401.exe
2732	Unicorn-38123.exe
2020	Unicorn-56090.exe
2816	Unicorn-32140.exe
2956	Unicorn-15057.exe
2796	Unicorn-25918.exe
2964	Unicorn-15057.exe
2644	Unicorn-28462.exe
304	Unicorn-39322.exe
2144	Unicorn-45566.exe
2424	Unicorn-10755.exe
1612	Unicorn-52343.exe
1936	Unicorn-56427.exe
572	Unicorn-34767.exe
2028	Unicorn-13531.exe
2412	Unicorn-29313.exe
824	Unicorn-9447.exe
2036	Unicorn-40173.exe
1548	Unicorn-51871.exe
2392	Unicorn-29867.exe
1976	Unicorn-41565.exe
900	Unicorn-6754.exe
1860	Unicorn-48342.exe
1736	Unicorn-532.exe
2372	Unicorn-43786.exe
848	Unicorn-54647.exe
2172	Unicorn-33480.exe
2704	Unicorn-31342.exe
2772	Unicorn-27258.exe
2188	Unicorn-38118.exe
2720	Unicorn-57984.exe
2856	Unicorn-23174.exe
1668	Unicorn-31896.exe
1240	Unicorn-47678.exe
2792	Unicorn-23728.exe
2904	Unicorn-43594.exe
2932	Unicorn-8783.exe
1088	Unicorn-50371.exe
1876	Unicorn-4699.exe
1156	Unicorn-13422.exe
3008	Unicorn-50968.exe
2128	Unicorn-16158.exe
2132	Unicorn-27018.exe
632	Unicorn-53661.exe
1732	Unicorn-42800.exe
1544	Unicorn-24326.exe
984	Unicorn-4460.exe
1980	Unicorn-49385.exe
2388	Unicorn-32302.exe
1520	Unicorn-24134.exe
2512	Unicorn-41202.exe
2216	Unicorn-52063.exe
1208	Unicorn-17252.exe
2348	Unicorn-33034.exe
1880	Unicorn-33034.exe
2104	Unicorn-39810.exe
2840	Unicorn-42271.exe
2880	Unicorn-33588.exe
2984	Unicorn-22728.exe
2848	Unicorn-18644.exe

Loads dropped DLL 64 IoCs

Processes:

340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exeUnicorn-36334.exeUnicorn-38040.exeUnicorn-60044.exeWerFault.exeUnicorn-37569.exeUnicorn-38123.exeUnicorn-29401.exeWerFault.exeWerFault.exeUnicorn-56090.exeUnicorn-25918.exeUnicorn-15057.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
2176	Unicorn-36334.exe
2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
2176	Unicorn-36334.exe
2304	Unicorn-38040.exe
2304	Unicorn-38040.exe
2888	Unicorn-60044.exe
2888	Unicorn-60044.exe
2176	Unicorn-36334.exe
2176	Unicorn-36334.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2864	Unicorn-37569.exe
2864	Unicorn-37569.exe
2304	Unicorn-38040.exe
2304	Unicorn-38040.exe
2888	Unicorn-60044.exe
2732	Unicorn-38123.exe
2744	Unicorn-29401.exe
2888	Unicorn-60044.exe
2744	Unicorn-29401.exe
2732	Unicorn-38123.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
2020	Unicorn-56090.exe
2020	Unicorn-56090.exe
2864	Unicorn-37569.exe
2864	Unicorn-37569.exe
2796	Unicorn-25918.exe
2796	Unicorn-25918.exe
2964	Unicorn-15057.exe
2964	Unicorn-15057.exe
2744	Unicorn-29401.exe
2744	Unicorn-29401.exe
2732	Unicorn-38123.exe
2732	Unicorn-38123.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
1032	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2752	2204	WerFault.exe	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
2444	2176	WerFault.exe	Unicorn-36334.exe
2440	2304	WerFault.exe	Unicorn-38040.exe
1896	2888	WerFault.exe	Unicorn-60044.exe
332	2864	WerFault.exe	Unicorn-37569.exe
300	2732	WerFault.exe	Unicorn-38123.exe
1032	2744	WerFault.exe	Unicorn-29401.exe
1744	2020	WerFault.exe	Unicorn-56090.exe
1748	2956	WerFault.exe	Unicorn-15057.exe
2488	2796	WerFault.exe	Unicorn-25918.exe
2108	2964	WerFault.exe	Unicorn-15057.exe
268	2816	WerFault.exe	Unicorn-32140.exe
2868	2644	WerFault.exe	Unicorn-28462.exe
344	304	WerFault.exe	Unicorn-39322.exe
1764	2144	WerFault.exe	Unicorn-45566.exe
1620	1936	WerFault.exe	Unicorn-56427.exe
1556	2424	WerFault.exe	Unicorn-10755.exe
1288	1612	WerFault.exe	Unicorn-52343.exe
2004	572	WerFault.exe	Unicorn-34767.exe
2212	2028	WerFault.exe	Unicorn-13531.exe
2836	2412	WerFault.exe	Unicorn-29313.exe
1964	824	WerFault.exe	Unicorn-9447.exe
2788	2036	WerFault.exe	Unicorn-40173.exe
2152	1548	WerFault.exe	Unicorn-51871.exe
3020	1976	WerFault.exe	Unicorn-41565.exe
1136	2392	WerFault.exe	Unicorn-29867.exe
2420	900	WerFault.exe	Unicorn-6754.exe
1968	1736	WerFault.exe	Unicorn-532.exe
1812	1860	WerFault.exe	Unicorn-48342.exe
1564	2372	WerFault.exe	Unicorn-43786.exe
1568	2172	WerFault.exe	Unicorn-33480.exe
2780	848	WerFault.exe	Unicorn-54647.exe
2572	2704	WerFault.exe	Unicorn-31342.exe
2908	1668	WerFault.exe	Unicorn-31896.exe
1188	2188	WerFault.exe	Unicorn-38118.exe
1072	2720	WerFault.exe	Unicorn-57984.exe
1292	2856	WerFault.exe	Unicorn-23174.exe
2100	2772	WerFault.exe	Unicorn-27258.exe
2260	1156	WerFault.exe	Unicorn-13422.exe
2692	2904	WerFault.exe	Unicorn-43594.exe
996	1240	WerFault.exe	Unicorn-47678.exe
3080	2792	WerFault.exe	Unicorn-23728.exe
3100	2932	WerFault.exe	Unicorn-8783.exe
3132	1088	WerFault.exe	Unicorn-50371.exe
3140	1876	WerFault.exe	Unicorn-4699.exe
3480	2132	WerFault.exe	Unicorn-27018.exe
3616	1732	WerFault.exe	Unicorn-42800.exe
3772	632	WerFault.exe	Unicorn-53661.exe
3832	1980	WerFault.exe	Unicorn-49385.exe
3572	1208	WerFault.exe	Unicorn-17252.exe
3468	2588	WerFault.exe	Unicorn-29504.exe
3440	2104	WerFault.exe	Unicorn-39810.exe
3520	1544	WerFault.exe	Unicorn-24326.exe
3816	2916	WerFault.exe	Unicorn-56147.exe
3828	2076	WerFault.exe	Unicorn-31965.exe
3864	2128	WerFault.exe	Unicorn-16158.exe
4008	2840	WerFault.exe	Unicorn-42271.exe
4004	1880	WerFault.exe	Unicorn-33034.exe
3152	2348	WerFault.exe	Unicorn-33034.exe
3228	2848	WerFault.exe	Unicorn-18644.exe
3328	2880	WerFault.exe	Unicorn-33588.exe
3412	2216	WerFault.exe	Unicorn-52063.exe
3552	984	WerFault.exe	Unicorn-4460.exe
3300	1984	WerFault.exe	Unicorn-42847.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exeUnicorn-36334.exeUnicorn-38040.exeUnicorn-60044.exeUnicorn-37569.exeUnicorn-29401.exeUnicorn-38123.exeUnicorn-56090.exeUnicorn-32140.exeUnicorn-15057.exeUnicorn-15057.exeUnicorn-25918.exeUnicorn-28462.exeUnicorn-39322.exeUnicorn-45566.exeUnicorn-10755.exeUnicorn-52343.exeUnicorn-56427.exeUnicorn-34767.exeUnicorn-13531.exeUnicorn-9447.exeUnicorn-29313.exeUnicorn-40173.exeUnicorn-51871.exeUnicorn-29867.exeUnicorn-41565.exeUnicorn-6754.exeUnicorn-48342.exeUnicorn-532.exeUnicorn-43786.exeUnicorn-54647.exeUnicorn-33480.exeUnicorn-31342.exeUnicorn-27258.exeUnicorn-38118.exeUnicorn-23174.exeUnicorn-57984.exeUnicorn-31896.exeUnicorn-47678.exeUnicorn-43594.exeUnicorn-23728.exeUnicorn-8783.exeUnicorn-50371.exeUnicorn-4699.exeUnicorn-13422.exeUnicorn-50968.exeUnicorn-16158.exeUnicorn-27018.exeUnicorn-42800.exeUnicorn-53661.exeUnicorn-24326.exeUnicorn-4460.exeUnicorn-49385.exeUnicorn-32302.exeUnicorn-24134.exeUnicorn-41202.exeUnicorn-52063.exeUnicorn-17252.exeUnicorn-33034.exeUnicorn-33034.exeUnicorn-42271.exeUnicorn-22728.exeUnicorn-39810.exeUnicorn-33588.exe

pid	process
2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
2176	Unicorn-36334.exe
2304	Unicorn-38040.exe
2888	Unicorn-60044.exe
2864	Unicorn-37569.exe
2744	Unicorn-29401.exe
2732	Unicorn-38123.exe
2020	Unicorn-56090.exe
2816	Unicorn-32140.exe
2964	Unicorn-15057.exe
2956	Unicorn-15057.exe
2796	Unicorn-25918.exe
2644	Unicorn-28462.exe
304	Unicorn-39322.exe
2144	Unicorn-45566.exe
2424	Unicorn-10755.exe
1612	Unicorn-52343.exe
1936	Unicorn-56427.exe
572	Unicorn-34767.exe
2028	Unicorn-13531.exe
824	Unicorn-9447.exe
2412	Unicorn-29313.exe
2036	Unicorn-40173.exe
1548	Unicorn-51871.exe
2392	Unicorn-29867.exe
1976	Unicorn-41565.exe
900	Unicorn-6754.exe
1860	Unicorn-48342.exe
1736	Unicorn-532.exe
2372	Unicorn-43786.exe
848	Unicorn-54647.exe
2172	Unicorn-33480.exe
2704	Unicorn-31342.exe
2772	Unicorn-27258.exe
2188	Unicorn-38118.exe
2856	Unicorn-23174.exe
2720	Unicorn-57984.exe
1668	Unicorn-31896.exe
1240	Unicorn-47678.exe
2904	Unicorn-43594.exe
2792	Unicorn-23728.exe
2932	Unicorn-8783.exe
1088	Unicorn-50371.exe
1876	Unicorn-4699.exe
1156	Unicorn-13422.exe
3008	Unicorn-50968.exe
2128	Unicorn-16158.exe
2132	Unicorn-27018.exe
1732	Unicorn-42800.exe
632	Unicorn-53661.exe
1544	Unicorn-24326.exe
984	Unicorn-4460.exe
1980	Unicorn-49385.exe
2388	Unicorn-32302.exe
1520	Unicorn-24134.exe
2512	Unicorn-41202.exe
2216	Unicorn-52063.exe
1208	Unicorn-17252.exe
1880	Unicorn-33034.exe
2348	Unicorn-33034.exe
2840	Unicorn-42271.exe
2984	Unicorn-22728.exe
2104	Unicorn-39810.exe
2880	Unicorn-33588.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exeUnicorn-36334.exeUnicorn-38040.exeUnicorn-60044.exeUnicorn-37569.exeUnicorn-29401.exeUnicorn-38123.exeUnicorn-56090.exe

description	pid	process	target process
PID 2204 wrote to memory of 2176	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-36334.exe
PID 2204 wrote to memory of 2176	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-36334.exe
PID 2204 wrote to memory of 2176	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-36334.exe
PID 2204 wrote to memory of 2176	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-36334.exe
PID 2204 wrote to memory of 2304	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-38040.exe
PID 2204 wrote to memory of 2304	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-38040.exe
PID 2204 wrote to memory of 2304	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-38040.exe
PID 2204 wrote to memory of 2304	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	Unicorn-38040.exe
PID 2176 wrote to memory of 2888	2176	Unicorn-36334.exe	Unicorn-60044.exe
PID 2176 wrote to memory of 2888	2176	Unicorn-36334.exe	Unicorn-60044.exe
PID 2176 wrote to memory of 2888	2176	Unicorn-36334.exe	Unicorn-60044.exe
PID 2176 wrote to memory of 2888	2176	Unicorn-36334.exe	Unicorn-60044.exe
PID 2204 wrote to memory of 2752	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	WerFault.exe
PID 2204 wrote to memory of 2752	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	WerFault.exe
PID 2204 wrote to memory of 2752	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	WerFault.exe
PID 2204 wrote to memory of 2752	2204	340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe	WerFault.exe
PID 2304 wrote to memory of 2864	2304	Unicorn-38040.exe	Unicorn-37569.exe
PID 2304 wrote to memory of 2864	2304	Unicorn-38040.exe	Unicorn-37569.exe
PID 2304 wrote to memory of 2864	2304	Unicorn-38040.exe	Unicorn-37569.exe
PID 2304 wrote to memory of 2864	2304	Unicorn-38040.exe	Unicorn-37569.exe
PID 2888 wrote to memory of 2744	2888	Unicorn-60044.exe	Unicorn-29401.exe
PID 2888 wrote to memory of 2744	2888	Unicorn-60044.exe	Unicorn-29401.exe
PID 2888 wrote to memory of 2744	2888	Unicorn-60044.exe	Unicorn-29401.exe
PID 2888 wrote to memory of 2744	2888	Unicorn-60044.exe	Unicorn-29401.exe
PID 2176 wrote to memory of 2732	2176	Unicorn-36334.exe	Unicorn-38123.exe
PID 2176 wrote to memory of 2732	2176	Unicorn-36334.exe	Unicorn-38123.exe
PID 2176 wrote to memory of 2732	2176	Unicorn-36334.exe	Unicorn-38123.exe
PID 2176 wrote to memory of 2732	2176	Unicorn-36334.exe	Unicorn-38123.exe
PID 2176 wrote to memory of 2444	2176	Unicorn-36334.exe	WerFault.exe
PID 2176 wrote to memory of 2444	2176	Unicorn-36334.exe	WerFault.exe
PID 2176 wrote to memory of 2444	2176	Unicorn-36334.exe	WerFault.exe
PID 2176 wrote to memory of 2444	2176	Unicorn-36334.exe	WerFault.exe
PID 2864 wrote to memory of 2020	2864	Unicorn-37569.exe	Unicorn-56090.exe
PID 2864 wrote to memory of 2020	2864	Unicorn-37569.exe	Unicorn-56090.exe
PID 2864 wrote to memory of 2020	2864	Unicorn-37569.exe	Unicorn-56090.exe
PID 2864 wrote to memory of 2020	2864	Unicorn-37569.exe	Unicorn-56090.exe
PID 2304 wrote to memory of 2816	2304	Unicorn-38040.exe	Unicorn-32140.exe
PID 2304 wrote to memory of 2816	2304	Unicorn-38040.exe	Unicorn-32140.exe
PID 2304 wrote to memory of 2816	2304	Unicorn-38040.exe	Unicorn-32140.exe
PID 2304 wrote to memory of 2816	2304	Unicorn-38040.exe	Unicorn-32140.exe
PID 2888 wrote to memory of 2796	2888	Unicorn-60044.exe	Unicorn-25918.exe
PID 2888 wrote to memory of 2796	2888	Unicorn-60044.exe	Unicorn-25918.exe
PID 2888 wrote to memory of 2796	2888	Unicorn-60044.exe	Unicorn-25918.exe
PID 2888 wrote to memory of 2796	2888	Unicorn-60044.exe	Unicorn-25918.exe
PID 2744 wrote to memory of 2964	2744	Unicorn-29401.exe	Unicorn-15057.exe
PID 2744 wrote to memory of 2964	2744	Unicorn-29401.exe	Unicorn-15057.exe
PID 2744 wrote to memory of 2964	2744	Unicorn-29401.exe	Unicorn-15057.exe
PID 2744 wrote to memory of 2964	2744	Unicorn-29401.exe	Unicorn-15057.exe
PID 2732 wrote to memory of 2956	2732	Unicorn-38123.exe	Unicorn-15057.exe
PID 2732 wrote to memory of 2956	2732	Unicorn-38123.exe	Unicorn-15057.exe
PID 2732 wrote to memory of 2956	2732	Unicorn-38123.exe	Unicorn-15057.exe
PID 2732 wrote to memory of 2956	2732	Unicorn-38123.exe	Unicorn-15057.exe
PID 2304 wrote to memory of 2440	2304	Unicorn-38040.exe	WerFault.exe
PID 2304 wrote to memory of 2440	2304	Unicorn-38040.exe	WerFault.exe
PID 2304 wrote to memory of 2440	2304	Unicorn-38040.exe	WerFault.exe
PID 2304 wrote to memory of 2440	2304	Unicorn-38040.exe	WerFault.exe
PID 2888 wrote to memory of 1896	2888	Unicorn-60044.exe	WerFault.exe
PID 2888 wrote to memory of 1896	2888	Unicorn-60044.exe	WerFault.exe
PID 2888 wrote to memory of 1896	2888	Unicorn-60044.exe	WerFault.exe
PID 2888 wrote to memory of 1896	2888	Unicorn-60044.exe	WerFault.exe
PID 2020 wrote to memory of 2644	2020	Unicorn-56090.exe	Unicorn-28462.exe
PID 2020 wrote to memory of 2644	2020	Unicorn-56090.exe	Unicorn-28462.exe
PID 2020 wrote to memory of 2644	2020	Unicorn-56090.exe	Unicorn-28462.exe
PID 2020 wrote to memory of 2644	2020	Unicorn-56090.exe	Unicorn-28462.exe

C:\Users\Admin\AppData\Local\Temp\340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe
"C:\Users\Admin\AppData\Local\Temp\340f1bebd60934edf86c3377b11d96f230d09f2a1dae06f7f275ea893c2dfc2f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        9⤵
        Executes dropped EXE
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        11⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 220
        12⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        11⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        11⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        12⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        13⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        14⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        15⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        14⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        13⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        12⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
        10⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        9⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        10⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        11⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        12⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        13⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        14⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        15⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        14⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        13⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        10⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 220
        10⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        9⤵
        Program crash
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        11⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        12⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        13⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        14⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
        15⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 236
        14⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        13⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        12⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        11⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        11⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        12⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        13⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        14⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
        13⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
        9⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        8⤵
        Program crash
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        12⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 220
        12⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
        9⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        8⤵
        Program crash
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        7⤵
        Program crash
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38902.exe
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        11⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
        12⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
        13⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        14⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11432 -s 216
        14⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        12⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        9⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        8⤵
        Program crash
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        7⤵
        Program crash
        
        PID:1812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        6⤵
        Program crash
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63651.exe
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        10⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        12⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        13⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        14⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 236
        14⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        12⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        13⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 220
        12⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        10⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        9⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        11⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        12⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        13⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
        13⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        12⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        8⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        12⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        13⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        14⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        13⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        12⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        11⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        12⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        13⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11960 -s 216
        13⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
        12⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        11⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        10⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        8⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
        7⤵
        Program crash
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        11⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        12⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
        13⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        12⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        11⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
        8⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
        7⤵
        Program crash
        
        PID:2260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        6⤵
        Program crash
        
        PID:1288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        11⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        12⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        13⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        14⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        15⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        14⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        13⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        12⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        11⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        11⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        12⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 200
        13⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 236
        12⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 236
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        10⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        8⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        12⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
        13⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
        13⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 236
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
        9⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        Program crash
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        11⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        12⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        13⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        14⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 236
        13⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 220
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        9⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 216
        8⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        7⤵
        Program crash
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        11⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
        12⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 236
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        10⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        11⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        12⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
        11⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        8⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 220
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
        8⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        Program crash
        
        PID:2908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        6⤵
        Program crash
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        8⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        11⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        12⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 220
        12⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        10⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        11⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        12⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        13⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 236
        12⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 220
        11⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        10⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        12⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        13⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 220
        10⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
        7⤵
        Program crash
        
        PID:2692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        6⤵
        Program crash
        
        PID:1136
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
        5⤵
        Program crash
        
        PID:2488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        10⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        12⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        13⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        14⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 236
        13⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        12⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        11⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        9⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        11⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        12⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        13⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        10⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        10⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        11⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 220
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        11⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 220
        8⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        10⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        11⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        12⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        13⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
        12⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        9⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
        7⤵
        Program crash
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        11⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 220
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        11⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        9⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        9⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        11⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 236
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        10⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        9⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        7⤵
        Program crash
        
        PID:3440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
        6⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        5⤵
        Program crash
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        10⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        11⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        12⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        13⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        10⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        12⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        13⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        12⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        11⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        9⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        8⤵
        Program crash
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
        7⤵
        Program crash
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        11⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 220
        12⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        11⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        10⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        11⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
        11⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        10⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
        8⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        6⤵
        Program crash
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        10⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        11⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 236
        10⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 240
        9⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        8⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        7⤵
        
        PID:5020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        6⤵
        Program crash
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        5⤵
        Program crash
        
        PID:1620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
        9⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        10⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        11⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        12⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        13⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        14⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        15⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        14⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        13⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 236
        12⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
        10⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        11⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        12⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
        13⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        14⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 236
        13⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        11⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51524.exe
        12⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 236
        13⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        12⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        11⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        8⤵
        Program crash
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        10⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        11⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        12⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        13⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        14⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        15⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 236
        14⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 220
        13⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        11⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
        12⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
        13⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
        13⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        12⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        11⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        12⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        13⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        14⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 236
        13⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        12⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        8⤵
        Program crash
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        7⤵
        Program crash
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
        12⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        11⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        12⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 204
        11⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        8⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        10⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
        11⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        12⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
        12⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        11⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        10⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        7⤵
        Program crash
        
        PID:2780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        6⤵
        Program crash
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        10⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        11⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        12⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        13⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        14⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 236
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        12⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
        11⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        12⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        13⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
        13⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        11⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        12⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        13⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 236
        12⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 236
        11⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        10⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        9⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        8⤵
        Program crash
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        10⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        11⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        12⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        11⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        10⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        8⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        7⤵
        Program crash
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51166.exe
        11⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        12⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
        12⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        9⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        8⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
        7⤵
        Program crash
        
        PID:3772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Program crash
        
        PID:2212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        5⤵
        Program crash
        
        PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        10⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        12⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        13⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 236
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        11⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        12⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        13⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
        12⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        11⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        10⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
        11⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        12⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
        12⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 220
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        8⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        10⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        11⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        12⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        11⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        10⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        10⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        11⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        12⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        11⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
        10⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
        9⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        7⤵
        Program crash
        
        PID:3552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        6⤵
        Program crash
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        6⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        10⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 236
        11⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        10⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        9⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        8⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        7⤵
        
        PID:5100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        6⤵
        Program crash
        
        PID:1188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        5⤵
        Program crash
        
        PID:344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        10⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
        11⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        12⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        13⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
        12⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        11⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        9⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        10⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
        11⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        10⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 236
        9⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        8⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        9⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5909.exe
        10⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        11⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
        11⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
        10⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        9⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        7⤵
        
        PID:4236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 220
        6⤵
        Program crash
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        10⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
        11⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        12⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
        11⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        10⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        9⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        8⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        7⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        6⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        9⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        10⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        11⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        10⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        9⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        8⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        7⤵
        
        PID:5572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        6⤵
        Program crash
        
        PID:3412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        5⤵
        Program crash
        
        PID:2788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
      4⤵
      Program crash
      PID:268
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
  2⤵
  - Program crash
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe

Filesize
184KB

MD5
e31ce54191c2620924d7eda690e7b61a

SHA1
ce11d01da5e08a5ca4b449464f5a2386f3a4910a

SHA256
5c4015d73dab440ce3c1e0a5c2b20d0ecbe625dc4c7cc4fb4445b5a92d575ec0

SHA512
cbdcf36b2ffb3979331046fab0205d264f297138ff704370023ee7dd0fc04971e34cbc6fc47fc7c698d29e38533e6a1d433613f47ff6a99109f9e7c6a9477ce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe

Filesize
184KB

MD5
c40a10d157bad56985ae91b12c1c19e6

SHA1
3dc912ef00605d5580aa3ea50c1cd4f414127cbd

SHA256
d7523224123f9dd7154508cf5c09900d8c1a478fa5bc78ba69bc5b19f716a5c0

SHA512
548b40bd4c486ba62f462a2db7db0433e927afe3d576a23c64ee71258d23d10ef31164330d9a8a34ecb8931d3f18c5fa89eb2a041d9e84da9847425da1ba7200

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe

Filesize
184KB

MD5
1fef80e052bcf8b4de5dfad0cdefe552

SHA1
21b08ee2659338abc8ccd54f8246aa8652f5eb80

SHA256
5da84d5aa919e8a65483d63a4e60f130c1fa1b239de64e5115ad81b00d3a3520

SHA512
151ecdede799205ef73b1c94ec93b805fcb914e99dbb9891fd29cf05f4c88a924f67e4d4139604cb4f3f0b183d2ca36b2b18683b864d835498a0a55993a52068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe

Filesize
184KB

MD5
1de61878a4ee92775de154563d1be24d

SHA1
26f5dd255910f32572b4e9ac207dcdf79611020b

SHA256
3af53da2e5656afc8f0b75f8882105a829f13d20ff458e44019fa2123150b200

SHA512
4272cd16df604671b62e23fb61c8bf85201af92ce95ffe059c322372ef69409561ca9fe54d3d93d90854215444a1d2bf3c70cd2e3d10a6ac33fbca2fab040281

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe

Filesize
184KB

MD5
55771857cde6d2cf466a49ec6c029088

SHA1
19f3104385cbdffb3a6aae70d8d260293caaae9f

SHA256
b23cd06f232d4ff5228585676fbec9171d81f269121344dccb295ad211b206fc

SHA512
735f442889a46ad39238e4d618a593bebfd98d229abc19071fcc1ddc1e328320a38f877d6ac5f7b33ef78ddb1681b6ebcca4d157eba88df6e90df067873cbd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe

Filesize
184KB

MD5
77ae0bc9757ed5d981594a33ce1dd765

SHA1
0827d313db96dff9c1324f8d6dc8630f44c7208d

SHA256
d2d5a0ca78a7b3dce5c9ce40023c730d8aa413b869f99cb5b0a76a259ff54329

SHA512
0154d1a3b1b4e5576b1f31e5fec8e7edc22a6817e3068e8f48874e62a6a820716df408aff4025842ca0a53aeb06a01b3196e26f47433ba18f90c7b6c882023f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe

Filesize
184KB

MD5
7f5150864f7a043d43e24ca0acfa38f3

SHA1
157835ed6f054b337690f948cef3482ba1e26813

SHA256
755828fab28744288e786c288826187516c4b95b6d6eec4c60675a40308355c8

SHA512
a3d190cd27a6427db43e68628958a1333b3306120f18e5e9341a46248f2be8881fe4031ed45209a8dbdda8c8e2cd52fef9db960fa2c7aac410f5152377c2aa72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe

Filesize
184KB

MD5
e2a853bc74e3162562075de0abe20e56

SHA1
6e2b6ce0a3acf02ff2f8067e446c23e414a3003f

SHA256
50710d84b7d5c099f8bc7442557389fcb180fb9bb07940bd322364e113a10cf8

SHA512
82c4f26ee34aa1172792a061faf0db07ace93ecb61a43113fdf7f91c49c3180a48d34bb0cf19f9640fd1fc11c3bd06e02896754525459b0b6acac8e33e21c193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe

Filesize
184KB

MD5
bf6abbf5dd3c4794db80adcaa5df641c

SHA1
c05da03898f5e828cebff407cb23e3d8dfb290e1

SHA256
638c19b7b298c4a808e02a138305922b999bce82cf5a33b88d1b751fb21ab05b

SHA512
ab990c4f659e8d8b4f1f5045f4660667a38c8ff691eae10dedbe507d129152b22cdf18b073dd5bb85be51846584caf515972db6f4cecc050ff47ac6f73b261cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe

Filesize
184KB

MD5
a9ef2abb8d81d0b85f6b5c76c0698b0b

SHA1
84b6bfe05dcd653e4cfe9d7dd1b9fc1a0211a628

SHA256
9432831d8d0e8aae8a9159e06d21f05b8af6f43e5a0047191af7f9baf5115f36

SHA512
c36d0ec07c684483ab77db3fd9d28840a9cf7ac564fdec4037be4e56a1e0b055508fdaa347f5c619b1fe3fc0ff3dcd5f673e7ad09e2c3ee3a07b1c529d99d97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe

Filesize
184KB

MD5
599e45d9b56221434743f23fa7db3bf4

SHA1
e3068817fa8b9507b288b22a5ca9b0d61da887cc

SHA256
5e815c3218253d15ef0eab95f7616f2793e507e24289e53c11e9eff8503cbb7e

SHA512
c6a2323cb5cd9d590440955a91b48f8579f08b073f2f2251480366b6cda93ef98b7778f8b6d4ffe5a40788dfee4747675bd7bfa7cecff61f6867b06a22a5002c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe

Filesize
184KB

MD5
b0e65bc7734d5fe27d11e177e4606168

SHA1
fbb317c88f999c11adae4bc24f4892d2322ba1e8

SHA256
2596a81bef68fdfde8c0a627e2858d812f3162f317dcfd97c16a16bb8bb424c0

SHA512
4e52d69a30916171995b888ec7617c45e3ed9a6d6e7fdd04bb5baa5db457c34ab1640cc8d8b65c8254f862cac49ae2c45d870b5f7bdcddaf3ccf55e0e833ef1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe

Filesize
184KB

MD5
2fdf246fc580565a364c1edd0bc5dfa0

SHA1
4f45114645078c52dda2dd9b2fac5b979c47540c

SHA256
b3fe504e389732116ece3508f97758d7a10b019f7fe332700db6f61917ea838b

SHA512
9a552349353e55b977689df227614bc2759124233c61f5fcdfa9fa06d2003c0b7b4233757e590e3bef0275d68f3b962652add40dec58cadef0b810f46bda793c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe

Filesize
184KB

MD5
8282a2fc50635ee558ef896aa190fb04

SHA1
db64141b020c4507b734e599b046cdc53adfad2a

SHA256
846106008d07335e66403e8bd34e1e9b2a6bcdb4d3128dfe962964ecd602c38d

SHA512
60673ba63d29df588105e9a5cfdf7d876357f8e4ba6b90e37c9de1a895a52fdd943479b872e33c502a91f2827f1ee7c1b7af3dc0b24ef71f10066bc48cc944d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe

Filesize
184KB

MD5
b3c5e774246bada7cd6bcc358337e799

SHA1
e72b349a213f1ddcb19ee9319722d145791389c8

SHA256
b0578adc54a40f2a63487f1c427431e7989375d0f43f372e9827ba0f5b3076b2

SHA512
dff203ff184119a1e3b7c8c04af981604f016344294e98522d93fef6adfc98bf48767aa9c5d741747e2b1e73e4c5765c238f9c4c44b67667e06cae0745830a1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe

Filesize
184KB

MD5
80abcdd74822a2e834ebdf4e5209e22b

SHA1
465151d54e08e2234ab3a0d12320608de606e45e

SHA256
86638e1fa3f0ed896495893fd5ed307349005decdfd30ddd4ee11a6e37995183

SHA512
ea577351f8f3a2bf88876458c012ab30e4f767c15b6228d963a2fb9eead5ba58ef3bd09f72aa17636a2879fda4c170490c92cf3ac6b641adc3bdcc053a53e4ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe

Filesize
184KB

MD5
73885347cba9058173b7cd7462d3d247

SHA1
6960297f0750aae3f61d78eb48a070be9ef55c32

SHA256
986714fea5ee6cc1247963ab87061e6c7d11f7ed77fa13fe5109552ed4dc217b

SHA512
ca11d6f9022447aa785bc54ac19d90669c8b49cbc794fe452baf449568c607c1fe08f323fb112b5e149870851e3f3850f27f998d4b989ab98bbd19b63e3eec27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe

Filesize
184KB

MD5
cb53c4dba1494bf3e028b3f0a88e1d80

SHA1
e1b4304f269921ff7769d3b94487d42eb1759de4

SHA256
81404d177bd1e52b8872447a50a572a16ac07245f911b650a6c3515fd048e75e

SHA512
24d75b77662f91138e34359e48dbe2f28d009db83491aecf617e86f5258614b08c53819121394b03f62b8bdbc7a10a4f495fa534fdb2a22d79070f4036244213

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe

Filesize
184KB

MD5
29479bc89c078f633b3cef6b6622fd45

SHA1
47435076086609e547a0b92cc687ff300a125fb9

SHA256
4a5e4e5c86d9ac3db99f54c94a8dc5996661a6df8c27b40a636b7b94cb855e04

SHA512
f122620bdd3dd07135241d764abeccbba751f97c52652d4ee152f5d32fcf6b00c4471a88c0fb7d89896f32221e0021dc1f25ab14da6349e8b7cd9a3da2dd0b78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe

Filesize
184KB

MD5
3bb258e1aed0729461dc5c2f49f674a1

SHA1
189a5f230d3ad91b25d9b614b199e8e5bf5d5889

SHA256
200fa9b1079b76afcac7e61939e036c8ec01b06a1d7d9a1a10a05422ac2ff3e3

SHA512
dc42af1f9f6437836d1ca9d74ed2279a7cee2a380ac2ad8c63d2f086146da2773bdc85c04e78a6c0cb605755e2896da574a1ed9e31abac4aa0f7cf44e4388605

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe

Filesize
184KB

MD5
1b33840faab035c3447f8b68654208ea

SHA1
bdc26542cbae92193581f228f4a96dcde078f0c5

SHA256
9ad0cd23500e773d367465fcd77e2e780c4e907f70d2716b571c164cb3871eaf

SHA512
273855f2aefe1467807a28f5caf96156a9814b29163f27c190ab9ca9af1ed3b0f37ac58888d99c932e11496e2528151bd8371e48d8dee7297b7ee62a31f53136

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe

Filesize
184KB

MD5
a033b46e798afde4d495eb85506b39ca

SHA1
883f81163185e8569889f1fb669d965fcadcbeb6

SHA256
28c2001b51a0b5edd4dbccbf7d264d78c4740b1c4e260dd21582afc8ef3fae11

SHA512
4a4a402a89b747889cb06647ab781b18f6d3c6e5e46acadd3767c27933f59bd0b797566aced03a44a9e132fa5b47d4e7c2e681ba3aa9ca71c076828145f3341f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe

Filesize
184KB

MD5
a9ac56967508c3c8424d66e9539c2964

SHA1
14d3ea681035a155cfe35f7ac73ba6b5cd97a8c4

SHA256
8fc1d8055e0d9c2a85329b2c30be09ee9834cb510e548354f21a45b6278c4682

SHA512
322fa04bc53c66d51c7e99fa16e119499a442e613bd0edae6e778305bfd9b7e342427c1d1185095c0a2727adf44e8e76827ac7db4b411a88c9992a168825c654

Download Submit